Symptoms:
<Date> <Time> [main] INFO org.apache.catalina.core.AprLifecycleListener - APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
<Date> <Time> [main] INFO org.apache.catalina.core.AprLifecycleListener - OpenSSL successfully initialized [OpenSSL 1.1.1t 7 Feb 2023]
<Date> <Time> [main] INFO org.apache.coyote.http11.Http11NioProtocol - Initializing ProtocolHandler ["https-openssl-nio-8443"]
<Date> <Time> [main] ERROR org.apache.catalina.util.LifecycleBase - Failed to initialize component [Connector["https-openssl-nio-8443"]]
org.apache.catalina.LifecycleException: Protocol handler initialization failed
at org.apache.catalina.connector.Connector.initInternal(Connector.java:1011) ~[catalina.jar:9.0.83]
...
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:477) ~[bootstrap.jar:9.0.83]
Caused by: java.lang.IllegalArgumentException: the trustAnchors parameter must be non-empty
at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:107) ~[tomcat-coyote.jar:9.0.83]
...
at org.apache.catalina.connector.Connector.initInternal(Connector.java:1009) ~[catalina.jar:9.0.83]
... 13 more
Caused by: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty
at java.security.cert.PKIXParameters.setTrustAnchors(PKIXParameters.java:200) ~[?:?]
...
at org.apache.catalina.connector.Connector.initInternal(Connector.java:1009) ~[catalina.jar:9.0.83]
... 13 more
Spectrum, all supported versions
In the server.xml file, under the "<Connector>" tag set, the customer has the following settings:
keystoreFile="<custom cacerts path>"
keystorePass="<keystore password>"
It is missing the "truststoreType" parameter.
The customer needs to add the following entry within the server.xml file:
truststoreType="JKS"
Add it within the Connector tag set, then save the file.
Then stop and restart the Tomcat web server. Then check the catalina.log to see if the customer is still getting the "the trustAnchors parameter must be non-empty" message.
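
To check the edit before restarting Tomcat, the following added example (not part of the original article or of the product) parses a server.xml and lists the Connectors that set keystoreFile but have no truststoreType, masking passwords in its output. The sample XML, the path and the password in it are constructed placeholders.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample server.xml content; path and password are placeholders.
SAMPLE_BROKEN = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1"/>
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             keystoreFile="/constructed/path/cacerts" keystorePass="example-pass"/>
</Service></Server>"""
SAMPLE_FIXED = SAMPLE_BROKEN.replace(
    'keystorePass="example-pass"', 'keystorePass="example-pass" truststoreType="JKS"')

SECRET_ATTRS = {"keystorePass", "truststorePass"}


def connectors_missing_truststore_type(server_xml_text):
    """Return ports of Connectors that set keystoreFile but no truststoreType."""
    root = ET.fromstring(server_xml_text)
    missing = []
    for conn in root.iter("Connector"):
        if "keystoreFile" not in conn.attrib:
            continue  # plain HTTP/AJP connector, not the case in the article
        if not conn.get("truststoreType", "").strip():
            missing.append(conn.get("port", "?"))
    return missing


def describe_connectors(server_xml_text):
    """One line per keystore-backed Connector, with passwords masked for safe logging."""
    lines = []
    for conn in ET.fromstring(server_xml_text).iter("Connector"):
        if "keystoreFile" in conn.attrib:
            attrs = {k: ("****" if k in SECRET_ATTRS else v) for k, v in conn.attrib.items()}
            lines.append(" ".join(f'{k}="{v}"' for k, v in sorted(attrs.items())))
    return lines


if __name__ == "__main__":
    # Pass the path to server.xml as the first argument; otherwise use the sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_BROKEN
    for line in describe_connectors(text):
        print("Connector:", line)
    ports = connectors_missing_truststore_type(text)
    print("Missing truststoreType on ports:", ports or "none")
    sys.exit(1 if ports else 0)
```

The script exits with status 1 when any keystore-backed Connector still lacks truststoreType, so it can gate a restart script.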